2 matches found
CVE-2004-2026
CVE-2004-2026 describes a format-string vulnerability in Pound’s logmsg function (svc.c) affecting Pound 1.5 and earlier. A remote attacker could trigger arbitrary code execution by supplying format-specifiers in syslog messages. The vulnerability is due to improper handling of user-controlled fo...
CVE-2004-2026
Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages...